Just curious, where are you getting $hasedPassword from that you are passing into CheckPassword()?

ayonkhan
—
2013-01-29T22:19:59Z —
#3

K_Wolfe said:

Just curious, where are you getting $hasedPassword from that you are passing into CheckPassword()?

From database.

KyleWolfe
—
2013-01-29T22:23:51Z —
#4

I'm a little confused as to what this "framework" is doing then. There could only possibly be a few lines of code behind that function to encrypt / salt the provided pass. Actually if you're pulling the hashed pwd yourself, then it could only be a static salt which is garbage anyways.

Short answer, yes it should be fine to pass POST directly to that script. I'd have a look around at some threads / pages on this topic though. Since you're concerned with security, you'll gain experience + more security from writing something yourself after learning a bit more on the topic. There's not too much to it.

Eh, thanks but no thanks. Unless it's retrieving my salt, hash, user input, checking user input, and then on success resalting and rehashing, I'm not interested. Even if it did all of that, we are only talking about 10-15 lines of code that I would much rather write myself.
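
The flow described in the post above (fetch the stored salt and hash, check the submitted password, then resalt and rehash on success), as an added example that is not code from any poster or from the framework under discussion. It assumes PHP 7+ and the built-in `password_hash()` / `password_verify()` functions, which generate a random per-user salt and store it inside the hash string; `registerUser()`, `login()`, `HASH_OPTIONS` and the in-memory `$db` array are hypothetical stand-ins for the real user table.

```php
<?php
// Assumed bcrypt work factor for this example; tune for your hardware.
const HASH_OPTIONS = ['cost' => 12];

function registerUser(array &$db, string $user, string $password): void
{
    // password_hash() picks a fresh random salt and embeds it in the result,
    // so salt and hash are stored and retrieved as one column.
    $db[$user] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
}

function login(array &$db, string $user, string $password): bool
{
    // Unknown users are checked against a dummy hash so both paths do
    // comparable work and response time does not reveal which names exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy-value', PASSWORD_BCRYPT, HASH_OPTIONS);
    }
    $known  = isset($db[$user]);
    $stored = $known ? $db[$user] : $dummy;

    // password_verify() reads the salt and cost from $stored, rehashes the
    // input and compares the result in constant time.
    $matches = password_verify($password, $stored);
    if (!$known || !$matches) {
        return false;
    }

    // On success, resalt and rehash: a new random salt is generated, so the
    // stored value changes even though the password did not.
    $db[$user] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    return true;
}

// Constructed sample data: an array standing in for the database.
$db = [];
registerUser($db, 'alice', 'correct horse battery');
$before = $db['alice'];

var_dump(login($db, 'alice', 'wrong guess'));            // rejected
var_dump(login($db, 'mallory', 'anything'));             // unknown user
var_dump(login($db, 'alice', 'correct horse battery'));  // accepted
var_dump($before !== $db['alice']);                      // hash was rotated
```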